Donky Security Standards
Provided by Dynmark
Dynmark has made substantial investments in our platform and systems security standards in order to comply with various national and international standards:
- fully ISO 27001 compliant
- IL3 / BIL3 certified – we are a member of the Governments Public Sector network – more info
- SIG approved – Security audit performed by Santa Fe Group as part of our Partnerships with both Nice systems and Acxiom, where customer data security is paramount – more info
Administration, Data & SaaS toolkit
We operate dual fully redundant hot/hot configuration across two geographically separate sites in a clustered configuration. Each site is firewall protected and is fully load balanced. Each site has connections to multiple ISPs to ensure a fully redundant service. In the last 12 months we have averaged 99.95% uptime (excluding planned scheduled maintenance). Physical security complies with ISO 27001 and IL3 standards.
Note: All public facing servers are penetration tested on a monthly basis using the industry leading NESSUS Vulnerability Scanner by Tenable, as well as regular vulnerability scans by PCI compliance. Further penetration testing can be arranged if required on request.
Donky Messaging Network
The Donky Messaging Network is hosted within the Azure cloud with its stringent security controls – more info
Message transportation utilises the latest 1024 bit HTTPS encryption technology which surpasses any other OTT network currently in operation today.
Spam and the Donky Messaging Network
It is a concern of some that the network or its users could be open to spam threats. Donky by design does not allow access to the directory of registered users directly, therefore making obtaining the necessary data to launch a spam attack difficult. In addition the Donky Messaging Network has anti-spam measures built into its very fabric; these measures watch all user son the network and automatically throttle users that have exceeded an acceptable message sending rate. In addition to rendering the network useless to spammers by automatically limiting their send rates Donky can notify administrators and external systems of these users for investigation and probably suspension.
Traditional Spam is driven by Bot Networks (botnets), paid for networks of compromised machines that are attacked by a virus that allows control of their mail systems by a third party to instigate message sending. Spammers rent botnets to send out vast numbers of SPAM. It is the vulnerabilities within traditional operating systems that allow the viral attack to be effective deploying the malware to turn a desktop into a spamming engine.
This does not apply to the P2P app based DONKY network, as the facilities to send messages to the Donky Messaging Network will not be present on the enslaved machines. For a spammer to begin to spam through the DONKY network they would have to:
- Gain access to an integrators private API keys
- Build a local environment on a server or desktop to emulate a Donky enabled phone app.
- Once emulated they would need direct access through API’s to access the DONKY network as a user.
- Only then could a potential Spam attack be considered, but would be stopped by the automatic anti-spam throttling.
Spamming is a business and will always use the path of least resistance for this reason this is why the concentration of spamming still occurs via email, through the use of botnets.
Although Spamming can never be considered as not being a potential threat in the future, there are no use cases or instances or technology that would allow spamming through P2P OTT networks currently.